Digital privacy and security are a top-of-mind concern for Americans, and at TechCrunch Disrupt in Brooklyn this week, speakers examined the line between the two, and how the public and private sectors should approach the thorniest issue in the tech world.

On the advocacy front, Nate Cardozo, a senior staff attorney on the Electronic Frontier Foundation's (EFF) digital civil liberties team, appeared with the HackerOne platform's Marten Mickos. On the government side, General Michael Hayden, former director of the NSA and CIA, took the stage to talk about everything from Donald Trump and Hillary Clinton's emails to how the NSA works in accordance with government privacy and encryption laws.

Hayden, who served from 1999-2009, said the NSA has some complex decisions to make in order to build back public trust in a post-Snowden era while maintaining the ability to collect and analyze national security data.

Much of the NSA's ability to legally collect and store data on US citizens, Hayden explained, comes from provisions in Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sanctions what's called incidental collection. The NSA collects foreign intelligence, and while the target of that surveillance must be a non-US individual not protected by the Fourth Amendment, information about a protected citizen may be captured in the course of that activity.

"You're not allowed to destroy it; it's not a mistake, but in the normal course of this you are going to get data when the legitimate intelligence target is communicating with the protected person," said Hayden. "The normal rule is to suppress it; you minimize it and you don't put it in the reports, but it does reside in the database."

This is what allows the NSA to collect data on legitimate intelligence targets, either from a secure endpoint or in transit, based on the reality that "not all emails in America are of America, and not all the emails transiting America are of Americans," Hayden explained.

On the subject of encryption law, Hayden said the government is also wrong in thinking metadata isn't a big deal, and said it would be interesting to challenge the 1978 court decision that ruled metadata is not protected.

"It really doesn't matter what the [NSA] director or Congress or the court system decide; you know the unavoidable arc of technology is in the direction of unbreakable encryption. There are no laws that will get in the way of that reality," said Hayden.

Earlier, the EFF's Cardozo said the technological realities aren't enough. In the absence of a regulatory framework like the legal data protections Europeans are prepping, we need something to protect our data, he said.

"We put our entire lives online...and we still barely understand how to secure all the devices you have in front of you and in your pocket," said Cardozo. "Companies like Apple are starting to figure it out, and it's causing a challenge for law enforcement that they've never had before."

Cardozo explained that we have a new digital divide between the governmental view toward default encryption and the sophisticated actors who can exploit it.

The 800-pound gorilla in the room, he said, is embedded systems that have never had network connectivity or radios before, like medical devices, cars, and voting machines. They are incredibly vulnerable, with no clear security framework to protect them.

The Internet of Things, Cardozo quipped, is more like the "Internet of S**t."
